Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dalbum dalbum |
||
dalbum dalbum 1.04 |
||
dalbum dalbum 1.05 |
||
dalbum dalbum 1.22 |
||
dalbum dalbum 1.21 |
||
dalbum dalbum 1.20 |
||
dalbum dalbum 1.10 |
||
dalbum dalbum 1.07 |
||
dalbum dalbum 1.31 |
||
dalbum dalbum 1.3 |
||
dalbum dalbum 1.08 |
||
dalbum dalbum 1.06 |
||
dalbum dalbum 1.34 |
||
dalbum dalbum 1.32 |
||
dalbum dalbum 1.03 |
||
dalbum dalbum 1.09 |
||
dalbum dalbum 1.35 |
||
dalbum dalbum 1.33 |